After you’ve uploaded the ping-auth
plugin’s schema to Konnect, configure the
plugin in Gateway Manager, or use the Kong API.
Test the operation of the ping-auth
plugin before you use it in
production.
Configuring the plugin using the Gateway Manager UI
- In Gateway Manager, open Plugins from the side navigation, then click New Plugin.
- On the Custom Plugins tab, click the ping-auth plugin.
- Optional: To enable the plugin for specific consumers, services, or routes, click Scoped, and then enter Service, Route, and Consumer information.
- In the Service Url field, enter the API gateway service URL that you saved when you prepared PingOne Authorize for Konnect integration.
-
In the Shared Secret field, enter the credential that
you saved earlier.
-
Configure the following additional fields:
Option API Field Name Description Connection KeepAlive Ms
connection_keepAlive_ms
The duration to keep the connection alive for reuse. The default is
60000
.Connection Timeout Ms
connection_timeout_ms
The duration to wait before the connection times out. The default is
10000
.Enable Debug Logging
enable_debug_logging
Controls if the requests and responses are logged at the debug level. The default is
false
. For log messages to show in error.log, you must setlog_level = debug
in kong.conf.Verify Service Certificate
verify_service_certificate
Controls whether the service certificate is verified. This is intended for testing purposes and the default is
true
. - Click Save.
Kong Konnect is now configured to work with PingOne Authorize.
Configuring the plugin using the Kong API
-
Send the following in a
POST
request tohttps://{region}.api.konghq.com/konnect-api/api/runtime_groups/{controlPlaneId}/plugins
:{ "name": "ping-auth", "enabled": true, "config": { "enable_debug_logging": true, "verify_service_certificate": false, "secret_header_name": "<shared secret header name>", "service_url": "https://<PingOne Server hostname>", "shared_secret": "<shared secret>" } }
The following fields are required for this API request:
Secret_header_name
- The header name in which the shared secret is provided. You can provide additional configuration in accordance with the Kong API specification.
Service_url
- The full service URL of the API gateway in PingOne.
Shared_secret
- The shared secret value to authenticate this plugin to PingOne.
Tip:You saved these credentials when you prepared PingOne Authorize for Konnect integration. To find the credentials in PingOne, go to Authorization > API Gateways.
- Optional:
Configure additional fields:
Option API Field Name Description Connection KeepAlive Ms
connection_keepAlive_ms
The duration to keep the connection alive for reuse. The default is
60000
.Connection Timeout Ms
connection_timeout_ms
The duration to wait before the connection times out. The default is
10000
.Enable Debug Logging
enable_debug_logging
Controls if the requests and responses are logged at the debug level. The default is
false
. For log messages to show in error.log, you must setlog_level = debug
in kong.conf.Verify Service Certificate
verify_service_certificate
Controls whether the service certificate is verified. This is intended for testing purposes and the default is
true
.
Kong Konnect is now configured to work with PingOne Authorize.